Businesses urged to buy security according to their actual needs

Organisations must resist the temptation to buy a whole raft of security technologies without first assessing their real and specific security needs, says industry expert Michael Dieroff.

To make sound cyber security investments, organisations need to understand the value of their data, where it is stored and where it has been sent, according to an industry expert.

“They must also have a firm understanding of the regulations and legislation that may affect their data as well as of actors, so we know who we are trying to protect ourselves against,” said Michael Dieroff, managing director of training and consulting firm Blue Screen IT.

“Look at regulations and legislation to identify what you absolutely have to do to avoid penalties for non-compliance with the laws and use current technology to help identify the real risks to the organisation and where new investment needs to be made,” Dieroff told Cybercon 2017 in Plymouth.

“Use the logging features of current systems to tell you what is actually going on in your IT environment on a day-to-day basis and identify potential issues and risks, such as phishing.”

But Dieroff said the most important thing when it comes to security budgets, is for organisations to be honest about their true security posture. “Failure to be totally honest about your real strengths and weaknesses will result in failure to protect yourself appropriately,” he said